# Archive

Browse past daily curated stories


Wednesday, April 15, 2026

  1. Krebs on Security threat-intel
    Patch Tuesday, April 2026 Edition

    Microsoft released patches for 167 vulnerabilities in April 2026 Patch Tuesday, including an actively exploited SharePoint Server zero-day and a publicly disclosed Windows Defender flaw called "BlueHammer." Google also patched its fourth Chrome zero-day of 2026, while Adobe fixed an actively exploited Reader vulnerability enabling remote code execution.

  2. BleepingComputer general
    Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

    Microsoft's April 2026 Patch Tuesday addresses 167 security flaws including 2 zero-day vulnerabilities, marking the second-largest monthly security update on record by CVE count. The patches include fixes for elevation-of-privilege bugs that comprised over half of the vulnerabilities addressed.

  3. BleepingComputer general
    Over 100 Chrome extensions in Web Store target users accounts and data

    Security researchers discovered over 100 malicious Chrome extensions in the official Web Store targeting users' Google OAuth2 Bearer tokens, deploying backdoors, and conducting ad fraud. These extensions represent a significant supply chain threat through Google's official distribution channel.

  4. The Hacker News general
    CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

    CISA added 6 actively exploited vulnerabilities to its KEV catalog, including CVE-2026-21643 (CVSS 9.1) affecting Fortinet FortiClient EMS through SQL injection, plus Microsoft and Adobe flaws. The additions indicate ongoing active exploitation of these critical security defects in enterprise environments.

  5. BleepingComputer general
    Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto

    A fake Ledger Live app distributed through Apple's App Store stole approximately $9.5 million in cryptocurrency from 50 victims within just a few days in April 2026. The malicious macOS application successfully bypassed Apple's security review process to target crypto wallet users.

  6. BleepingComputer general
    McGraw-Hill confirms data breach following extortion threat

    Education company McGraw-Hill confirmed hackers exploited a Salesforce misconfiguration to access internal data and subsequently made extortion threats. The breach highlights risks from cloud service misconfigurations in enterprise environments handling sensitive educational data.

  7. SecurityWeek general
    Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members

    Europe's largest gym chain Basic-Fit reported a data breach affecting 1 million members across multiple EU countries, with hackers stealing names, dates of birth, and bank account details. The incident represents one of the largest fitness industry breaches affecting European consumers.

  8. BleepingComputer general
    Crypto-exchange Kraken extorted by hackers after insider breach

    Cryptocurrency exchange Kraken disclosed that cybercriminals are attempting extortion after an insider breach, threatening to release videos showing internal systems containing client data. The incident highlights insider threat risks at major financial platforms handling sensitive customer information.

  9. The Record threat-intel
    FBI, Indonesia take down W3LL phishing tool

    The FBI and Indonesian law enforcement dismantled the W3LL phishing tool that allowed hackers to create fake login portals for major services at just $500 per license. This takedown disrupts a widely used cybercrime-as-a-service platform that enabled large-scale credential theft operations.

  10. Schneier on Security threat-intel
    On Anthropic’s Mythos Preview and Project Glasswing

    Security expert Bruce Schneier analyzes Anthropic's restricted Claude Mythos Preview model and Project Glasswing initiative, which aims to find and patch vulnerabilities before the AI model's offensive capabilities become publicly available. The analysis examines implications of AI-powered vulnerability discovery outpacing traditional security practices.